The US House of Representatives has just approved a "congressional disapproval" vote of privacy rules, which gives your ISP the right to sell your internet history to the highest bidder.
The measure passed by 215 votes to 205.
This follows the same vote in the Senate last week. Just prior to the vote, a White House spokesman …

weaken Privacy Shield?

It's always been the case under EU data protection that your data can't safely pass through the US anyway. This is why Facebook et al set up EU data centres and refuse requests from US authorities to just pass on information.

The Internet, from your ISP onwards, is still - and always has been - an untrusted connection. If you're transmitting things in plain-text through it, even to next-door, then you're at risk of your traffic being snooped and need to protect, encrypt, VPN, etc.

This won't make any difference to that.

However, I do love the irony of all those years of having US people accuse the UK of playing "Big Brother" when in reality they are years ahead of us in that regard.

You are what you read

"... whether you have any medical conditions; and so on ..."

Any time I read about or hear about some medical condition, I read about it on Wikipedia (and other sites) and follow any interesting looking links. If a similar law passes in the UK, they'll send a medical SWAT team round to my house to seal it off and isolate me.

It may be time to start using a VPN more often. The Opera browser has a free one built in to it.

Note: My ISP (Virgin Media), along with others I'm sure, has the ability to inject their own tab into my browser session to show me anything they want. They have used this technique in the past to nag me about selecting a service option. I would not be surprised if the ISPs themselves started injecting adverts into their customer's browsers in this and other ways.

Re: Opera Browser

You might want to re-read the part of the article warning against using free VPN services. You may also be interested to learn that Opera Software is now owned by the Chinese company Golden Brick Capital Private Equity Fund I Limited Partnership.

Re: You are what you read

If a similar law passes in the UK, they'll send a medical SWAT team round to my house to seal it off and isolate me.

Don't forget under RIPA and DRIPA, GCHQ already have access to this. As we've repeatedly seen this additional hay doesn't help them find the needles. My wife works in child and adult safeguarding, and the sort of things she searches on from our home computer, well, you don't want to know, and you REALLY wouldn't choose to have logged. But after some years in this difficult line of work, we've not had any knocks at the door.

Which either means they're (a) clever enough to properly discriminate different types of search, or (b) they're utterly swamped, and utterly hopeless. My money is on b.

Re: It's times like these...

And they claim to be the land of the free

I can see fun to be had here - go to a neighbours, borrow their wireless and search for lots of random things, then see what the marketeers make of that. The real people who buy the Internet connection then get lots of random and probably inappropriate things marketed to them. This then causes awkward conversations when people try to explain the marketing offers to their other halves ..

Same for the kids browsing when the parents get things marketed to them or vice-versa.

Like many things with a trump badge, its really not thought through is it

Re: And they claim to be the land of the free

On a similar note, but unrelated to ISPs, a friend of mine outlined a prank where a group of people injected white text with strange phrases into their emails to a friend's Gmail account. The target was somewhat puzzled by the subsequent appearance of numerous adverts for goat-related products after this

Re: And they claim to be the land of the free

You raise an interesting point. How granular will this be? House level? Computer level? We have 4 computers networked via router. So when this data gets pasted to the marketers (and probably miscreants, etc. via "purchase of the data" which computer will get tagged? All?

Is it April 1st yet?

What a ridiculous law! If this had been in the headlines sooner there would have been time to co-ordinate a legal protest in the public interest. I can't see how anyone representing the public could have passed such an obtrusive law - our internet history should be considered private information except what you choose to share.

What's to stop someone buying this data and publishing it for all to see? If everyone could see their neighbour's internet history that would surely wake people up to demand their privacy. Any ISP that promises not to share your internet history without charging a premium will corner the market. But I guess not everyone has a choice of ISP.

Re: WTF?

Re: WTF?

Ah, thanks for enlightening us. I was expecting some kind of rant from Breitbart, but it's all very clear.

The gist, cited about 3-4 times, just in case you were wondering how the heck your lawmakers were looking after your interests:

>The FCC will soon return broadband privacy policing to the Federal Trade Commission, where it belongs, like all online privacy.

So, this is NOT about Americans' privacy getting sold out at all. It's about fixing a regrettable bureaucratic turf war.

The FTC, rather than the FCC, will now soon step in and prevent ISPs from selling on your browser history for no discernible purpose other than making some extra $$$. Poor ISP companies, spending all that dosh wining and dining pols, just to have re-lobby all over again at the FTC.

Re: WTF?

I originally downvoted him, but the bit about his mostly agreeing with El Reg clued me in that he's likely just quoting Breibart.

Which is very appropriate, IMHO. It pays to understand what kinda Doublespeak is being used to sell something which has _no_ tangible benefits to the affected people at all.

If you take The Wall, or The Muslim Ban, then though misguided, they at least pander to the prejudices of the core Trump supporters. Ditto increased police snoopiness laws.

Did those Trump supporters realize Washington was going to allow large telecoms (often monopolistic in rural areas) increased leeway to invade their privacy, without upside whatsoever? I guess they didn't and with helpful newsites like Breitbart they are still dupes.

Re: WTF?

They said that in their (majority) opinion, the FCC order exceeded the authority given by the Congress. They might have meant some other, nastier, things, but are not so stupid as to utter them publicly.

Perfect example of conservatives' foolish anti-regulation fetish

Since too much regulation is bad, which is a quite reasonable position to take, by extension they decided all regulation is bad. Because some providers governed by different regulations didn't have to protect your privacy, the solution was seen as "remove privacy protections from all providers". The option of "impose privacy protections equally for all providers" didn't occur to them, because it would mean adding regulation, which is automatically bad.

If there was a lot of competition amongst ISPs this wouldn't really matter, you could choose one that makes a commitment not to sell your information. Unfortunately most people have only two choices, their cable provider and telco provider, and in some cases the second choice is pretty slow so it is effectively a monopoly in their area. What's their choice if they want to preserve privacy, go back to sending paper letters like some kind of a wild animal?

More competition will come once fixed wireless broadband arrives, but not really. You'll have AT&T (who already sells internet service in some areas) or Verizon (ditto) that don't really add much to the selection. This would be a good opportunity for a lesser player like Sprint, but I wonder if there's enough of a market for privacy protection that people would switch over it?

I think most people are ignorant of it, or have resigned themselves that it isn't a battle worth fighting, so they carry their Google spy-phone with them everywhere they go, talk in front of their Amazon spy at home, meaning that selling them spy-free internet service wouldn't be easy.

""American consumers should not have to be lawyers or engineers to figure out if their information is protected," Pai recently told Democratic lawmakers."

So...the solution is to just remove all protections? Oh how fast America has fallen. Not even 4 months now...

"Sen. John Cornyn (R-Texas) argued today that the privacy rules "hurt job creators and stifle economic growth." Cornyn also said the FCC's privacy rulemaking involves the "government picking winners and losers," and was among the "harmful rules and regulations put forward by the Obama administration at the last moment.""

Stifle economic growth? You mean prevent monopolies from making buckets of money while limiting their customer's privacy. Welcome to Trumpmerica.

""hurt job creators and stifle economic growth."

They now have a template document with those line to justify everything. Actually, it's easy money from cheap sources that ""hurt job creators and stifle economic growth". Look at countries living out of raw materials - very little need to innovate and create more industries and (better) jobs. It's no surprise many of the most innovative countries are those were resources are or became scarce.

ISPs that makes a lot of money by reselling user data will have *less* incentives to find other source of revenues. Just sit there, people will use the Internet and money will come in. You can even ask money to those who don't want to be tracked - so earn money without actually doing anything and even saving resources.

Anyway, if you look for a job you have now coal mines to work in... and because "all regulations are wrong", I wouldn't bet about the safety rules there...

So in a house with 3 or 4 people with computers... will it be fine tuned to the individual computer or to the "house"? This could be bad news for some folks if someone starts getting ads based on someone else's browsing preferences.

On the other hand, I suppose I could create much mayhem by using the neighbors WiFil....

I assume if all of your home PCs or devices connect to the internet through the central router provided by your ISP then your ISP would see all traffic from those devices aggregated via the WAN IP and stock DNS addresses that your router has. I'm not sure they would be able to get "per device" granularity - but I'm sure someone more knowledgeable would be able to answer that better.

My advice... ditch the stock ISP router if you can, or at the very least put it into "modem only" mode as you can with Virgin Media ones, and replace it (or stick it behind the B/B modem) with a SOHO one that has enough horsepower and an OpenVPN client baked in - such as the ASUS RT-AC88.

Then configure your router with a paid for VPN service so that everything that goes out of your network is encrypted and only talks to the VPN providers DNS.

And its a forgone conclusion that Trump will sign this.

I guess I can somewhat respect that this will create competition of a sort for Facebook and Google on the ads/browsing data sales side, but basically now you will have a bunch of companies that you have your online history and need to be watched like a hawk.

Re: I wonder if there's anything "interesting" in Mr. Trump's browsing history

Useful article! ... But avoid DuckDuckGo

They're too cosy with Yahoo. Instead try EU based Startpage.com. The problem is Yahoo has a giant credibility problem from bending over to US snoops without a fight, and covering up hacks of every single user / account multiple times over. Plus, it'll be worse when Verizon buys them because Verizon pioneered 'Injecting Perma-Cookies to Track Mobile Customers'.

Re: Useful article! ... But avoid DuckDuckGo

We're the cable company. We don't have to care.

I was doing fine until you got the the part about the ISP caring what you think. These companies are well & truly hated by the consumers, and for good cause. Sure sign that this is not a free market...

Re: Trash the data

Destroying...

is easier than building. US Republicans don't give a fuck about the average Joe: their first objective is to get bribes support from big companies, and screw consumers and citizens! Most of them are unable to react anyway, it's like kicking a dead body.

If anyone one is interested...

...and looking for a VPN service. I did a lot of research and ended up with AirVPN as they came top of my list when addressing privacy concerns. I'm not paid by them or anything - just a recommendation as I know this is a hot topic at the moment.

Agree with El Reg on this one - avoid any free VPNs or free VPN browser "plug-ins" as you need to be asking how they are funding that "free" usage.

For search - use Disconnect or Startpage. Firefox also has some great blockers to prevent sites tracking you - ABP, Privacy Badger and UBlock as starters for 10.

Big Brother is watching you

Don't buy from intrusive adverts!

If people resisted purchasing from intrusive and the 'targeted' or 'tailored' content. The advertisers would stop wasting their money on it. Unfortunately just like SPAM it only needs a few suckers to make the annoyance to the majority of users worth it to the marketing agencies.

Re: Scramble

Agreed. Most fun might be a variation on those bullshit-bingo generators from a few years back. Start with a list of pharmaceutical companies, then a list of their drugs and lastly a list of a few hundred medical conditions. Then issue searches for random combinations of the three.

Re: Whatever happened

TrackMeNot is an add-on for Firefox (not sure if it works on other browsers, as I've not tried).

It runs in the background doing random searches to various search engines. You've control over the search engines, frequency of searches, and to some extent what the searches are for. You can add search engines, and change the sources of the search criteria.

It's certainly not perfect, but it helps muddy the waters for the ISPs.

Re: Whatever happened

This trick only works when the signal-to-noise ratio is high. If there are 1000 random searches and 500 searches for golden showers, then they'll know you share Donald's predilection for golden everything.

TalkTalk ISP Privacy Invading Bot

I am not sure if this is still active but TalkTalk have a privacy invading bot. When you make a visit to a web page the URL is passed to the Bot, and then the Bot visits the same page, presumably to scrape the content. I noticed this when I spotted double-hits in my web server logs.

In response I have blocked the following IPs so they can no longer access my server. For this reason, I don’t see them visit any more, and that is why I am unsure if they are still active. I assume they are.

Note: TalkTalk employs a Chinese contractor to do this for them - huaweisymantec

62.24.181.134

62.24.181.135

62.24.222.131

62.24.222.132

62.24.222.133

62.24.222.134

62.24.252.132

62.24.252.133

69.28.58.3

69.28.58.41

69.28.58.43

69.28.58.5

69.28.58.6

80.40.134.103

80.40.134.104

The scenario in the US reminds me of the gold old days of Phorm intercepting UK traffic.

Where is BigJohn and other Trumpistas?

They were very vocal on how Trump was going to be s star-spangled leader who would introduce a wonderful new world. I haven't seen them around much. Have they forsaken us as a bunch of sad Trotskyites?

Phorm is the new norm in Trump's America.

I've seen this coming for a while. Time was that something like this would have created such outcry, investigations and new regulations, even by republicans. Not no more. Indeed, it's been given the government's personal stamp of approval. As has been pointed out before, people may choose to use GMail, The Face Book, etc. but here in the US, where broaband monopolies are not only allowed, but encouraged, we're forced to use their services or do without. I can choose an alternative to GMail, but many in the US, even in large metro areas, cannot choose a (reasonable) alternative to Comcast or AT&T. So, all we can do is tilt at windmills and give up any notion of online privacy. As of now, I personally can't wait to serve our new monitization overlords.

Re: Phorm is the new norm in Trump's America.

When Nebuad attempted to do the same as Phorm in the US, it did result in an outcry and congressional hearings.

You might recall this;-

https://www.youtube.com/watch?v=l0AN-UhzsNs

"Just because I belong to an ISP, doesn't give you the right to track me. If I want to be tracked it should be affirmative... it really should be opt in. Why do I have to opt out. Why should the burden be on the American consumer?" said Bart Stupak.

Now, as I understand it, you have no option at all.

Quite apart from the personal intrusion, it also affects the other party to the communication. It is automated industrial espionage / intellectual property theft that will strip hard working law abiding content creators of their business.

The current vacuum of political opposition in the US (and the UK) is truly terrifying.

Change DNS ?

Re: Change DNS ?

They'll just pull all your DNS packets. DNS is very high volume, is very well known, and isn't encrypted. I'd be surprised if an ISP -didn't- have a network tap on their routers to siphon off port TCP/53 traffic.

Privacy

Not the advertisers I'm concerned about

I am worried that the Administration is going to start buying, from the ISPs, lists of people going to certain websites, such as those for immigration / civil rights lawyers, mosques / temples, news sites that disagree with the administration, or pretty much any other website that the president disagrees with.

At the very least, I predict that the Twitter Twat will buy all the information he can about celebrities that disagree with him just to run smear campaigns (and using tax-payer money to do it).

Gotchas

Over several years of ISPs collecting and selling PI, everyone will eventually be profiled. Phones, gaming systems, TVs, computers and IOT devices slurping it all up. Politicians have these devices too, so their browsing history and life style choices will be stored and available to whomever wants to exploit it.. Tit for tat as they say.

I would not be surprised if future ISP service agreements state that you can not use any tools or services that prevent them from their legal access to customer data. . VPNs may face legal challenges. This was raised by a poster elsewhere and I think they have a point, so I decided to repeat it.

This is a job for the FTC not the FCC

The FCC's rules were an overreach and not in line with the FCC's charter.

Customer privacy rules belong to the FTC. If you have a problem, write them a letter. We don't need two separate govt entities doing the same job, growing the gov, wasting tax money and frustrating the businesses wondering who has the whip. Just reducing over-regulation, dont-cha-know.

Still surprised by this: "A virtual private network is an alternative that will work for lots of people, especially if your work has a VPN service that you can use for free. This again will cut off your ISP's ability to see what you are doing.". Because it fails to add: This will, of course, allow your employer to see everything you do and particularly: If your work happens to use an internet appliance it can see through your https traffic.